Website security test plan
This 'website security test plan' article is supplied by Web Site Security, where you can find more information about website security test plan.
Website Security Concerns - An Evaluation
It is unfortunate, but there are many ways in which website security can be compromised. Security threats affect Web servers and the LANs (local area networks) on which websites are hosted, and even the normal use of a Web browser carries risk.
Webmasters bear the brunt of the major threats. As soon as a Web server is set up at a site, a window opens in the local area network through which anyone on the Internet can peer. For the most part, website visitors see only what they are supposed to see, but a handful of them attempt to uncover areas of the site that are not meant to be visible to the rest of the world. Unscrupulous visitors want to do more than merely look; they try to force the window open and slip through it. The damage they cause might be sheer vandalism, such as replacing the website's home page with one of their own that might say or display anything, or it might be theft, such as stealing a customer or sales database.
It is hard to escape the likelihood that complex software contains bugs. No matter how meticulously it is tested, there is usually some sequence of events or user actions, however rare, that leads to an error. Software bugs create gaps in system security. A Web server is complex software that may well contain a security flaw.
It is not only the complexity of a Web server that may introduce a flaw, but also its open architecture. Consider a CGI script as a case in point. A CGI script may be run on the server in response to a remote call from a client. The call could be a request from an application or even the click of a button in a browser. If the CGI script contains a bug, there may be a risk of a security breach.
Network Administrators also have to handle problems from Web servers because of the threat they pose to the security of the local area network. There must be no unauthorized intrusions, yet access has to be granted to website visitors. This means that access to the network must be controlled, and the Administrator needs to perform a delicate balancing act. Even the most robust firewall may be undermined if the Web server is configured badly. Conversely, normal use of the website may be impossible if the firewall is configured badly. Reaching an ideal solution is more difficult still if an intranet is part of the system. Normally, the Web server in that case has to be configured to distinguish and authenticate domains and user groups, which are apt to have varying permission levels and access privileges.
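As an added illustration (not code from the original article), the sketch below shows one common kind of CGI bug and its hardened form. It assumes a hypothetical script that looks up a hostname passed in a query-string parameter named `host` and runs `nslookup`; both names are assumptions, and the sample query strings are constructed.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Allow-list: dot-separated labels of letters, digits and inner hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(r"(?=.{1,253}\Z)" + _LABEL + r"(?:\." + _LABEL + r")*\Z")

def unsafe_command(query_string):
    """The bug: request data is pasted into a string destined for a shell."""
    host = parse_qs(query_string).get("host", [""])[0]
    return "nslookup " + host   # any shell metacharacters in host get interpreted

def safe_argv(query_string):
    """Hardened: validate first, then build an argument vector (no shell)."""
    values = parse_qs(query_string).get("host", [])
    if len(values) != 1:
        raise ValueError("exactly one host parameter is required")
    if not _HOST_RE.match(values[0]):
        raise ValueError("host is not a valid hostname")
    return ["nslookup", values[0]]

def handle(query_string, run=subprocess.run):
    """Return (status, body) for the CGI response; bad input never reaches run()."""
    try:
        argv = safe_argv(query_string)
    except ValueError as exc:
        return "400 Bad Request", str(exc)
    result = run(argv, capture_output=True, text=True, timeout=5)
    return "200 OK", result.stdout

# Constructed sample query strings (not taken from the article).
GOOD_QUERY = "host=www.example.com"
BAD_QUERY = "host=www.example.com%3B+echo+x"
```

A test plan for a CGI endpoint can call `handle` with both well-formed and malformed parameters and confirm that malformed ones are answered with a 400 before any external program runs.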
Nearly everybody who uses a browser to surf the Internet trusts that they are doing so anonymously and safely. That is not the case. Web browsers may run self-contained software programs, hosted by a website, on the user's machine. Modern browsers show a notice and ask for permission to execute those programs. Generally known as "active content" (e.g. ActiveX controls or Java applets), these programs, if malicious, can easily deposit a virus or other dangerous software on the browser user's PC. Once it is in the system, it can wreak all kinds of havoc and can be extremely hard to get rid of.
This is also a concern for Network Administrators. Web browsers provide a route for potentially malicious software to seep through the local area network's firewall. Once it is in the network, the damage it can cause ranges from covertly stealing confidential data to deliberate destruction.
Apart from the problems to do with active content, merely surfing the Internet leaves a trail of the user's activities in the browser's history. This might be used by websites and installed software to build an accurate profile of the user's behavior and interests. While some may frown upon this as an invasion of privacy, it can also be useful, offering relevant content straight away and so relieving the user of the job of looking for it.
Privacy is an issue that concerns not just browser users but also Webmasters and Network Administrators during the actual transmission of information via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was created, security was not the principal consideration in its design. Neither network nor Internet transmissions should therefore be thought of as necessarily private. Whenever the browser on a local PC downloads a sensitive file from the remote Web server, or the browser user fills in a form with private data and clicks the 'Submit' button, the transmitted information can be intercepted without consent.